Date: Sat, 23 Apr 2005 13:06:33 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 75803 for review Message-ID: <200504231306.j3ND6XnP074112@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=75803 Change 75803 by wsalamon@rickenbacker on 2005/04/23 13:06:32 Audit the fork(), vfork(), and rfork() system calls. Change the test program to match, but comment out some unused bits for now. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/kern_fork.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#7 edit .. //depot/projects/trustedbsd/audit3/tools/regression/audit/test/process/tfork.c#3 edit Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/kern_fork.c#4 (text+ko) ====
@@ -139,6 +139,7 @@ if ((uap->flags & RFKERNELONLY) != 0) return (EINVAL); + AUDIT_ARG(fflags, uap->flags); error = fork1(td, uap->flags, 0, &p2); if (error == 0) { td->td_retval[0] = p2 ? p2->p_pid : 0;
@@ -412,6 +413,7 @@ p2 = newproc; p2->p_state = PRS_NEW; /* protect against others */ p2->p_pid = trypid; + AUDIT_ARG(pid, p2->p_pid); LIST_INSERT_HEAD(&allproc, p2, p_list); LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash); sx_xunlock(&allproc_lock);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#7 (text+ko) ====
@@ -672,6 +672,10 @@ FD_KPATH1_VNODE1_TOKENS; break; + case AUE_RFORK: + tok = au_to_arg32(1, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + /* fall through */ case AUE_FORK: case AUE_VFORK: tok = au_to_arg32(0, "child PID", ar->ar_arg_pid);
==== //depot/projects/trustedbsd/audit3/tools/regression/audit/test/process/tfork.c#3 (text+ko) ====
@@ -26,6 +26,7 @@ * POSSIBILITY OF SUCH DAMAGE. */ #include <audittest.h> +#include <unistd.h> #include <sys/fcntl.h> #include <sys/uio.h> #include <sys/ktrace.h>
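Review bot: In the rfork() hunk of kern_fork.c (`@@ -139,6 +139,7 @@`), `AUDIT_ARG(fflags, uap->flags);` sits after the `RFKERNELONLY` check, so a call rejected with `EINVAL` returns before its flags are captured. A refused attempt to pass kernel-only flags is a case an audit trail should show in full; moving the `AUDIT_ARG(fflags, uap->flags);` line above `if ((uap->flags & RFKERNELONLY) != 0)` would record the flags for both outcomes. Whether a record is committed at all for that early return depends on the syscall audit wrapper, which is not visible here; rfork() itself starts and ends outside the hunk.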
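Review bot: In the second kern_fork.c hunk (`@@ -412,6 +413,7 @@`, presumably inside fork1()), `AUDIT_ARG(pid, p2->p_pid);` runs inside the section that ends at `sx_xunlock(&allproc_lock);`, although it only reads a pid that was fixed on the line before. Placing it after `sx_xunlock(&allproc_lock);` would keep audit bookkeeping out of the process-list critical section, assuming nothing relies on it running under the lock. A short comment such as `/* Audit: record the new child's pid. */` would also help, since this path is presumably shared with callers other than the three audited system calls. The enclosing function starts and ends outside the hunk.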
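Review bot: In kern_bsm_audit.c (`@@ -672,6 +672,10 @@`), the `"flags"` and `"child PID"` tokens are written unconditionally, so a record for a call that never reached the matching `AUDIT_ARG` carries whatever `ar->ar_arg_fflags` and `ar->ar_arg_pid` happen to hold. The kern_fork.c hunks show two such paths: rfork() returns `EINVAL` before `AUDIT_ARG(fflags, ...)`, and `td->td_retval[0] = p2 ? p2->p_pid : 0;` implies a successful rfork() with no new process, in which case no pid would have been recorded (inferred). Each token should be emitted only when its argument was actually captured, using whatever per-argument validity state the audit record keeps (not visible on this page), so that a log consumer can tell "child PID 0" from "no child". The switch and its function start and end outside the hunk.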
@@ -45,12 +46,14 @@ void sig_handler(int sig, siginfo_t *sip, struct sigcontext *scp) { +#if 0 /* Generate an AUE_PTRACE record */ if (ptrace(PT_CONTINUE, child_pid, (caddr_t)1, SIGKILL) < 0) { AUT_PERROR("ptrace(PT_CONTINUE)"); exit(1); } aut_assert(AUE_PTRACE); +#endif /* We don't want to see the child dies signal */ act.sa_handler = SIG_DFL; sigaction(SIGCHLD, &act, NULL);
@@ -78,37 +81,60 @@ /* Generate an AUE_FORK record */ if ((child_pid = fork()) < 0) AUT_PERROR("fork"); - aut_assert(AUE_FORK); /* Generate a success AUE_EXECVE record */ if (child_pid == 0) { execv("child", argv); AUT_PERROR("child one did not execute"); } + aut_assert(AUE_FORK); aut_assert(AUE_EXECVE); +#if 0 /* Generate an AUE_PTRACE record */ if (ptrace(PT_ATTACH, child_pid, NULL, 0) < 0) AUT_PERROR("ptrace(PT_ATTACH)"); aut_assert(AUE_PTRACE); +#endif while (wait(&status) != child_pid) ; +#if 0 /* Generate a failure AUE_PTRACE record */ ptrace(PT_ATTACH, 0, NULL, 16384); - +#endif /* Generate an AUE_VFORK record */ if ((child_pid = vfork()) < 0) AUT_PERROR("vfork"); + + /* Generate another success AUE_EXECVE record */ + if (child_pid == 0) { + execv("child", argv); + AUT_PERROR("child two did not execute"); + } aut_assert(AUE_VFORK); + aut_assert(AUE_EXECVE); + + while (wait(&status) != child_pid) + ; + /* Generate an AUE_RFORK record */ + if ((child_pid = rfork(RFPROC)) < 0) + AUT_PERROR("rfork"); + /* Generate another success AUE_EXECVE record */ if (child_pid == 0) { execv("child", argv); AUT_PERROR("child two did not execute"); } + aut_assert(AUE_RFORK); + aut_assert(AUE_EXECVE); + + while (wait(&status) != child_pid) + ; +#if 0 if (open(ktrace_file, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR) < 0) { AUT_PERROR("open of ktrace file"); exit(1);
@@ -121,7 +147,7 @@ /* Generate an AUE_KTRACE record with a bad filename */ ktrace("ANonExistentKtraceFile", KTROP_SET, KTRFAC_SYSCALL, child_pid); - +#endif /* Generate another AUE_VFORK record */ if ((child_pid = vfork()) < 0) AUT_PERROR("vfork");
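Review bot: In the tfork.c hunk at `@@ -78,37 +81,60 @@`, each child branch falls through into the parent's test code when `execv("child", argv)` fails, because nothing after `AUT_PERROR(...)` ends the child (the explicit `exit(1);` after `AUT_PERROR` in sig_handler suggests the macro does not exit by itself). For the `vfork()` child this is worse than a wrong test result, since it would go on to run `aut_assert`, `wait` and further forks while still borrowing the parent's address space. Adding `_exit(1);` after each `AUT_PERROR("child ... did not execute");` closes that, and the same applies to the last hunk (`@@ -130,6 +156,10 @@`), where the child of the deliberately failing `execv("aChildThatDoesntExist", argv)` continues into `aut_assert`, `unlink(ktrace_file)` and `aut_shutdown()`. The rfork branch also reuses the message `"child two did not execute"`; `"child three did not execute"` would make a failure attributable to the right step. The enclosing function starts before and continues after the hunk.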
@@ -130,6 +156,10 @@ if (child_pid == 0) execv("aChildThatDoesntExist", argv); + aut_assert(AUE_VFORK); + /* A failure AUE_EXECVE record */ + aut_assert(AUE_EXECVE); + unlink(ktrace_file); aut_shutdown();